Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2595 articles · 173333 vulns · 37/41 feeds (7d)
← Back to list
7.8
CVE-2026-41091KEVEXPLOITEDPATCHED
microsoft · malware_protection_engine

Microsoft Defender Elevation of Privilege Vulnerability

Description

The vulnerability leverages a race condition, enabling an attacker to escalate privileges to System.

Affected Products

VendorProductVersions
microsoftmalware_protection_engine1.1.0.0

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091(vendor-advisory, patch)

Related News (24 articles)

Tier D
SecurityWeek3h ago
Microsoft Patches Defender ‘RoguePlanet’ Vulnerability
→ No new info (linked only)
Tier D
SecurityWeek22d ago
Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day
→ No new info (linked only)
Tier D
The Record29d ago
Microsoft ships largest Patch Tuesday on record, with one bug under active attack
→ No new info (linked only)
Tier D
SecurityWeek29d ago
New Windows Zero-Day Exploit ‘RoguePlanet’ Released
→ No new info (linked only)
Tier C
Rapid7 Blog29d ago
Patch Tuesday - June 2026
→ No new info (linked only)
Tier D
SecurityWeek36d ago
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
→ No new info (linked only)
Tier D
BleepingComputer38d ago
Critical Windows Netlogon RCE flaw now exploited in attacks
→ No new info (linked only)
Tier E
Reddit r/cybersecurity41d ago
Microsoft vs Chaotic Eclipse: three zero-days now actively exploited
→ No new info (linked only)
Tier D
The Hacker News42d ago
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
→ No new info (linked only)
Tier D
Infosecurity Magazine42d ago
Microsoft Condemns "Uncoordinated" Zero Day Disclosures
→ No new info (linked only)
Tier A
Microsoft MSRC44d ago
CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability
→ No new info (linked only)
Tier B
CERT-FR44d ago
Bulletin d'actualité CERTFR-2026-ACT-023 (26 mai 2026)
→ No new info (linked only)
Tier D
The Hacker News44d ago
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
→ No new info (linked only)
Tier D
CSO Online48d ago
Microsoft patches two zero-day flaws in Defender
→ No new info (linked only)
Tier E
Reddit r/cybersecurity48d ago
Two Microsoft Defender vulnerabilities actively exploited. One grants full SYSTEM access. CISA has a June 3 federal deadline. Here is what to check.
→ No new info (linked only)
Tier D
Help Net Security49d ago
Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)
→ No new info (linked only)
Tier D
The Hacker News49d ago
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
→ No new info (linked only)
Tier D
SecurityWeek49d ago
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
→ No new info (linked only)
Tier D
BleepingComputer49d ago
Microsoft warns of new Defender zero-days exploited in attacks
→ No new info (linked only)
Tier D
Heise Security49d ago
Attackierte MS-Defender-Lücken und BitLocker-Schutzmaßnahmen
→ No new info (linked only)
Tier B
CCCS Canada49d ago
Microsoft security advisory (AV26-489)
→ No new info (linked only)
Tier C
VulDB50d ago
CVE-2026-41091 | Microsoft Malware Protection Engine link following
→ No new info (linked only)
Tier B
BSI Advisories50d ago
[NEU] [hoch] Microsoft Defender und Malware Protection Engine: Mehrere Schwachstellen
→ No new info (linked only)
Tier B
CERT-FR50d ago
Multiples vulnérabilités dans les produits Microsoft (20 mai 2026)
→ No new info (linked only)
CVSS 3.17.8 HIGH
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CISA KEV✅ Yes
Actively exploited✅ Yes
Patch available
1.1.26040.8
CWECWE-59
PublishedMay 20, 2026
Last enriched3h agov11
Tags
CVE-2026-45498AV26-489CVE-2026-41091Known Exploited Vulnerabilitiesdenial-of-serviceRedSunUnDefendCVE-2026-50656
Trending Score156🔥
Source articles24
Independent15
Info Completeness11/14
Missing: epss, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2026-33825EXPKEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 156
HIGHCVE-2026-50656EXP
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 92
HIGHCVE-2026-45659EXPKEV
Microsoft SharePoint Remote Code Execution Vulnerability
Trending: 57
HIGHCVE-2026-58295EXP
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Trending: 44
HIGHCVE-2026-58298EXP
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Trending: 44

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
May 20, 2026
Added to CISA KEV
May 20, 2026
Discovered by ZDM
May 20, 2026
Updated: severity
May 20, 2026
Updated: exploitAvailable, tags
May 20, 2026
Updated: affectedVersions, tags
May 20, 2026
Updated: affectedVersions, tags
May 21, 2026
Updated: affectedVersions, patchAvailable
May 21, 2026
Updated: description, cweIds, tags
May 21, 2026
Updated: description, tags
May 21, 2026
Updated: description, affectedVersions, patchAvailable, tags
May 21, 2026
Updated: description
Jun 10, 2026
Actively Exploited
Jun 19, 2026
Exploit Available
Jun 19, 2026
Patch Available
Jun 19, 2026
Updated: description, tags
Jul 9, 2026

Version History

v11
Last enriched 3h ago
v11Tier D3h ago

Updated description to include details about the race condition and added new CVE-2026-50656 tag.

descriptiontags
via SecurityWeek
v10Tier D29d ago

Updated description with more technical detail about the exploitation method.

description
via The Record
v9Tier D48d ago

Updated description with technical details, added new affected version 1.1.26040.8, and included new tags related to exploitation.

descriptionaffectedVersionspatchAvailabletags
via CSO Online
v8Tier D49d ago

Added a description of CVE-2026-45498 causing a denial-of-service state and included a new tag for denial-of-service.

descriptiontags
via Help Net Security
v7Tier D49d ago

Updated description with more technical detail, added CWE-20, and included new tag 'Known Exploited Vulnerabilities'.

descriptioncweIdstags
via Help Net Security
v6Tier D49d ago

Added affected version 4.18.26040.7 and new tag CVE-2026-45498.

affectedVersionspatchAvailable
via SecurityWeek
v5Tier D49d ago

Added affected version 1.1.26030.3008, updated patch available to version 1.1.26040.8, and included new tags for CVE-2026-45498.

affectedVersionstags
via BleepingComputer
v4Tier B49d ago

Added affected versions 1.1.26040.8 and 4.18.26040.7, and included new tag AV26-489.

affectedVersionstags
via CCCS Canada
v3Tier B49d ago

Marked exploit as available and added new tag for CVE-2026-45498.

exploitAvailabletags
via CERT-FR
v2Tier C50d ago

Updated severity to CRITICAL, noted that no exploit is available, and set patchAvailable to null.

severity
via VulDB
v150d ago

Initial creation